oma-brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill analysis did not identify any malicious instructions, obfuscated content, or hardcoded credentials.
- [SAFE]: All external references and tools, such as the oh-my-ag CLI and shared core protocols, originate from the vendor's own framework and are consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes untrusted codebase data, creating a surface for indirect prompt injection. Ingestion points: Phase 1 codebase exploration. Boundary markers: sequential questioning and incremental design approval (Rules 2 and 4). Capability inventory: filesystem read and write (Phase 1 and Phase 5). Sanitization: the workflow relies on mandatory user confirmation at each step to sanitize outputs.
Audit Metadata